On 8/01/2013 3:26 a.m., Grooz, Marc (regio iT) wrote:
Hi , i've got a question about a external_acl. We use an own external helper to check if a user is in a particular group and then assign a special outgoing ip address. Here is an example: external_acl_type HELPER ttl=3600 negative_ttl=300 children=10 concurrency=0 cache=0 grace=0 protocol=2.5 %SRC /path/to/helper acl group1 external HELPER group1 acl group2 external HELPER group2 http_access allow group1 tcp_outgoing_address 1.2.3.4 group1 http_access allow group2 tcp_outgoing_address 1.2.3.5 group2 In the helper protocol I notice that squid try to reauthenticate User that belongs to group2 every 10 minutes in group1, even when they already allowed in group2. Is there an option that squid tell to remember successful authentications?
There is no authentication taking pace above. Only authorization for requests to be served by Squid using one of two IPs.
Why not have the helper checking which group they are part of and tagging the request?
The helper gets passed the IP and both groups and in onel lookup returns "OK tag=group1" or "OK tag=group2"
Making the ACLs these: acl groups external HELPER group1 group2 acl group1 tag group1 acl group2 tag group2 Then you adjust http_access like so: http_access allow groups Amos
